THE Supreme Court has issued guidelines on how judiciary officials and employees can protect courts’ sensitive data against online security breaches and ransomware attacks.
Through Administrative Order No. 150-2023 (Proper Cyber Hygiene in Judiciary), Acting Chief Justice Marvic Leonen issued guidelines to be followed on email safety, password security, software and system updates, data backup, safe internet usage, device security, and suspicious activity reports in order to enhance the courts’ cybersecurity practices, protect sensitive data, and minimize the risk of cyber threats.
The SC also warned court officials and employees of the risks of using digital applications that employ artificial intelligence (AI) to enhance portraits of users.
“These digital applications collect users’ data and create digital images that mimic an individual’s looks and speech, which can be used to create fake profiles that can lead to identity theft, social engineering, and phishing attacks,” the SC explained.
The SC warning comes on the heels of a similar memorandum issued to all members of the defense-security establishment by Defense Secretary Gilberto Teodoro Jr.
On email safety, the Court advised justices, judges, court officials and personnel to scrutinize the sender’s email address carefully, use longer passwords, update the operating systems of their devices, and always back up their data to ensure its recovery in case of loss.
The guidelines were issued as an offshoot of the recent ransomware attacks involving the Philippine Health Insurance Corporation (PhilHealth).
To prevent attacks through phishing emails, the guidelines recommend that all court personnel carefully examine the sender’s email address for misspellings or inconsistencies that cast doubt on its legitimacy and verify links prior to clicking.
“Be cautious with urgent messages, as phishers often create a sense of urgency in their emails; check for generic greetings; double-check email attachments by scanning the same for viruses; and report suspicious emails as spam,” the SC said.
The Court also instructed court officials and personnel to avoid using personal information and dictionary words in creating passwords.
Instead, the Court said, they should use “longer passwords containing numbers, symbols, and both uppercase and lowercase letters; to avoid the same password for multiple accounts; to consider passphrases or a sequence of random words instead of passwords; to use a password manager; and to enable a multifactor authentication system in their accounts.”
Passwords, according to the Court, should never be shared with others, even with those who claim to be from trusted institutions, and any written passwords should be stored in a secure place.
Court personnel were also directed to ensure that the operating systems of their devices such as laptops, desktops, smartphones, tablets, and other electronic devices are up to date.
The guidelines include a step-by-step guide on how to check for system updates for both Windows and Apple/Mac users and a list of free third-party anti-virus applications that court personnel may download and install on their devices.
The Court also suggested that court officials and personnel adopt the “3-2-1 backup rule” to ensure data redundancy and availability in case of hardware failure, data corruption, or other catastrophes.
Under the “3-2-1 backup rule,” users must maintain three separate copies of their data (original in their primary device and two additional copies in different locations or media); two backup media/formats (i.e., one copy in an external drive and another in cloud storage); and one offsite backup, or a physical location different from both the primary data and its backup.
On safe internet usage and device security, the Court instructed court officials and personnel to download files and software only from reputable sources and utilize only secure and judiciary-approved file-sharing platforms for work-related activities.
Chief Justice Alexander Gesmundo is on official travel abroad.